PeFile ::readPeHeader should check ih.subsystem.

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=65526 https://github.com/upx/upx/issues/767 modified: pefile.cpp
2025-09-28 19:06:07 +08:00 · 2024-01-10 16:28:17 -08:00 · 2024-01-10 16:28:17 -08:00 · e4a611bcae
commit e4a611bcae
parent f3728d99b9
1 changed files with 6 additions and 0 deletions
--- a/src/pefile.cpp
+++ b/src/pefile.cpp
@ -3106,6 +3106,9 @@ PeFile32::~PeFile32() noexcept {}

 void PeFile32::readPeHeader() {
    fi->readx(&ih, sizeof(ih));
+    if (31 < (unsigned) ih.subsystem) {
+        throwCantPack("bad ih.subsystem 0x%x", (unsigned) ih.subsystem);
+    }
    isefi = ((1u << ih.subsystem) &
             ((1u << IMAGE_SUBSYSTEM_EFI_APPLICATION) |
              (1u << IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER) |
@ -3159,6 +3162,9 @@ PeFile64::~PeFile64() noexcept {}

 void PeFile64::readPeHeader() {
    fi->readx(&ih, sizeof(ih));
+    if (31 < (unsigned) ih.subsystem) {
+        throwCantPack("bad ih.subsystem 0x%x", (unsigned) ih.subsystem);
+    }
    isefi = ((1u << ih.subsystem) &
             ((1u << IMAGE_SUBSYSTEM_EFI_APPLICATION) |
              (1u << IMAGE_SUBSYSTEM_EFI_BOOT_SERVICE_DRIVER) |